Oval Definition:	oval:org.opensuse.security:def:60852
Revision Date: 2020-12-01 Version: 1 Title: Security update for python-cryptography (Moderate) Description: This update for python-cryptography fixes the following issues: - CVE-2018-10903: The finalize_with_tag API did not enforce a minimum tag length. If a user did not validate the input length prior to passing it to finalize_with_tag an attacker could craft an invalid payload with a shortened tag (e.g. 1 byte) such that they would have a 1 in 256 chance of passing the MAC check. GCM tag forgeries could have caused key leakage (bsc#1101820) Family: unix Class: patch Status: Reference(s): 1049825 1053417 1068689 1091041 1097560 1101820 1109663 1109847 1109893 1110542 1111319 1112911 1113296 1115375 1116995 1119461 1119465 1120629 1120630 1120631 1121826 1122292 1122299 1127155 1131107 1131823 1133719 1134226 1137977 1138034 1138190 1138301 1138303 1138459 1138734 1140039 1141780 1141782 1141783 1141784 1141785 1141786 1141787 1141789 1145521 1146544 1146612 1147021 1150466 1150483 1152631 1153811 1154905 1155689 1155897 1155898 1156146 1156187 1157038 1157042 1157070 1157143 1157158 1157191 1157324 1157333 1157464 1158132 1158394 1158398 1158410 1158413 1158417 1158445 1158823 1158824 1158827 1158834 1158900 1158903 1158904 1158954 1160467 1160468 1163985 1171477 1171930 1172265 1174543 CVE-2015-4491 CVE-2017-16852 CVE-2017-9103 CVE-2017-9104 CVE-2017-9105 CVE-2017-9106 CVE-2017-9107 CVE-2017-9108 CVE-2017-9109 CVE-2018-1000802 CVE-2018-10903 CVE-2018-11212 CVE-2018-14647 CVE-2018-20532 CVE-2018-20533 CVE-2018-20534 CVE-2019-10160 CVE-2019-10161 CVE-2019-10164 CVE-2019-10167 CVE-2019-11771 CVE-2019-11772 CVE-2019-11775 CVE-2019-14818 CVE-2019-14895 CVE-2019-14896 CVE-2019-14897 CVE-2019-15213 CVE-2019-16231 CVE-2019-18660 CVE-2019-18680 CVE-2019-18683 CVE-2019-18805 CVE-2019-19052 CVE-2019-19062 CVE-2019-19065 CVE-2019-19073 CVE-2019-19074 CVE-2019-19332 CVE-2019-19338 CVE-2019-19523 CVE-2019-19524 CVE-2019-19525 CVE-2019-19527 CVE-2019-19530 CVE-2019-19531 CVE-2019-19532 CVE-2019-19533 CVE-2019-19534 CVE-2019-19535 CVE-2019-19536 CVE-2019-19537 CVE-2019-2449 CVE-2019-2745 CVE-2019-2762 CVE-2019-2762 CVE-2019-2766 CVE-2019-2766 CVE-2019-2769 CVE-2019-2769 CVE-2019-2786 CVE-2019-2786 CVE-2019-2816 CVE-2019-2816 CVE-2019-2842 CVE-2019-4473 CVE-2019-6133 CVE-2019-7317 CVE-2019-7317 CVE-2020-10722 CVE-2020-1720 SUSE-SU-2017:3215-1 SUSE-SU-2018:2904-1 SUSE-SU-2018:3553-1 SUSE-SU-2019:2227-1 SUSE-SU-2019:2265-1 SUSE-SU-2019:2371-1 SUSE-SU-2019:3379-1 SUSE-SU-2020:0715-1 SUSE-SU-2020:1612-1 SUSE-SU-2020:2194-1 Platform(s): openSUSE Leap 15.1 openSUSE Leap 15.1 NonFree SUSE Linux Enterprise Server 12 SP3 SUSE Linux Enterprise Server 12 SP3-BCL SUSE Linux Enterprise Server 12 SP3-ESPOS SUSE Linux Enterprise Server 12 SP3-LTSS SUSE Linux Enterprise Server 12 SP3-TERADATA SUSE Linux Enterprise Server 12 SP4 SUSE Linux Enterprise Server 12 SP4-LTSS SUSE OpenStack Cloud 9 SUSE OpenStack Cloud Crowbar 8 SUSE OpenStack Cloud Crowbar 9 Product(s): Definition Synopsis openSUSE Leap 15.1 is installed AND Package Information tomcat-9.0.21-lp151.3.3 is installed OR tomcat-admin-webapps-9.0.21-lp151.3.3 is installed OR tomcat-docs-webapp-9.0.21-lp151.3.3 is installed OR tomcat-el-3_0-api-9.0.21-lp151.3.3 is installed OR tomcat-embed-9.0.21-lp151.3.3 is installed OR tomcat-javadoc-9.0.21-lp151.3.3 is installed OR tomcat-jsp-2_3-api-9.0.21-lp151.3.3 is installed OR tomcat-jsvc-9.0.21-lp151.3.3 is installed OR tomcat-lib-9.0.21-lp151.3.3 is installed OR tomcat-servlet-4_0-api-9.0.21-lp151.3.3 is installed OR tomcat-webapps-9.0.21-lp151.3.3 is installed Definition Synopsis openSUSE Leap 15.1 NonFree is installed AND opera-68.0.3618.104-lp151.2.18 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3 is installed AND Package Information libshibsp-lite6-2.5.5-6.3 is installed OR libshibsp6-2.5.5-6.3 is installed OR shibboleth-sp-2.5.5-6.3 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-BCL is installed AND Package Information libsolv-0.6.36-2.27.19 is installed OR libsolv-tools-0.6.36-2.27.19 is installed OR libzypp-16.20.2-27.60 is installed OR perl-solv-0.6.36-2.27.19 is installed OR python-solv-0.6.36-2.27.19 is installed OR zypper-1.13.54-18.40 is installed OR zypper-log-1.13.54-18.40 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-ESPOS is installed AND Package Information libpython3_4m1_0-3.4.6-25.29 is installed OR python3-3.4.6-25.29 is installed OR python3-base-3.4.6-25.29 is installed OR python3-curses-3.4.6-25.29 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-LTSS is installed AND Package Information java-1_8_0-ibm-1.8.0_sr5.40-30.54 is installed OR java-1_8_0-ibm-alsa-1.8.0_sr5.40-30.54 is installed OR java-1_8_0-ibm-plugin-1.8.0_sr5.40-30.54 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP3-TERADATA is installed AND Package Information gdk-pixbuf-2.34.0-19.17 is installed OR gdk-pixbuf-lang-2.34.0-19.17 is installed OR gdk-pixbuf-query-loaders-2.34.0-19.17 is installed OR gdk-pixbuf-query-loaders-32bit-2.34.0-19.17 is installed OR libgdk_pixbuf-2_0-0-2.34.0-19.17 is installed OR libgdk_pixbuf-2_0-0-32bit-2.34.0-19.17 is installed OR typelib-1_0-GdkPixbuf-2_0-2.34.0-19.17 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4 is installed AND Package Information apache2-2.4.23-29.24 is installed OR apache2-doc-2.4.23-29.24 is installed OR apache2-example-pages-2.4.23-29.24 is installed OR apache2-prefork-2.4.23-29.24 is installed OR apache2-utils-2.4.23-29.24 is installed OR apache2-worker-2.4.23-29.24 is installed Definition Synopsis SUSE Linux Enterprise Server 12 SP4-LTSS is installed AND squid-3.5.21-26.32 is installed Definition Synopsis SUSE OpenStack Cloud 9 is installed AND Package Information grub2-2.02-12.39 is installed OR grub2-i386-pc-2.02-12.39 is installed OR grub2-snapper-plugin-2.02-12.39 is installed OR grub2-systemd-sleep-plugin-2.02-12.39 is installed OR grub2-x86_64-efi-2.02-12.39 is installed OR grub2-x86_64-xen-2.02-12.39 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 8 is installed AND python-cryptography-2.0.3-3.3 is installed Definition Synopsis SUSE OpenStack Cloud Crowbar 9 is installed AND python-Twisted-15.2.1-9.8 is installed
BACK